From 406d6f34a9dd249508aacf2c860556687c8c971c Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Sun, 4 Feb 2007 02:49:54 +0000 Subject: [PATCH] MEMORY keytab krb5_kt_get_entry sets enctype to 0 if unspecified If one invokes krb5_kt_get_entry() for a memory keytab w/ an unspecified enctype (i.e. 0) - the returned keytab has it's enctype set to 0 as well. Also - in copying out the found keytab_entry - when a kvno is unspecified, the last match found is used - not the one with the highest vno. This was caused by copying out the variable "entry" and not "match". Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19141 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/keytab/kt_memory.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c index 7e055b737..044cb1f3b 100644 --- a/src/lib/krb5/keytab/kt_memory.c +++ b/src/lib/krb5/keytab/kt_memory.c @@ -401,13 +401,12 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id, for (cursor = KTLINK(id); cursor && cursor->entry; cursor = cursor->next) { entry = cursor->entry; - /* if the principal isn't the one requested, free new_entry - and continue to the next. */ + /* if the principal isn't the one requested, continue to the next. */ if (!krb5_principal_compare(context, principal, entry->principal)) continue; - /* if the enctype is not ignored and doesn't match, free new_entry + /* if the enctype is not ignored and doesn't match, and continue to the next */ if (enctype != IGNORE_ENCTYPE) { if ((err = krb5_c_enctype_compare(context, enctype, @@ -438,20 +437,21 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id, /* if we found an entry that matches, ... */ if (match) { - out_entry->magic = entry->magic; - out_entry->timestamp = entry->timestamp; - out_entry->vno = entry->vno; - out_entry->key = entry->key; - err = krb5_copy_keyblock_contents(context, &(entry->key), + out_entry->magic = match->magic; + out_entry->timestamp = match->timestamp; + out_entry->vno = match->vno; + out_entry->key = match->key; + err = krb5_copy_keyblock_contents(context, &(match->key), &(out_entry->key)); /* * Coerce the enctype of the output keyblock in case we * got an inexact match on the enctype. */ - out_entry->key.enctype = enctype; + if(enctype != IGNORE_ENCTYPE) + out_entry->key.enctype = enctype; if(!err) { err = krb5_copy_principal(context, - entry->principal, + match->principal, &(out_entry->principal)); } } else { -- 2.26.2